the thing is that org.jboss.naming.HttpNamingContextFactory uses "org.jboss.invocation.http.interfaces.Util" which sets "java.net.Authenticator.setDefault()" with "org.jboss.invocation.http.interfaces.Util$SetAuthenticator" which uses "org.jboss.security.SecurityAssociationAuthenticator" that needs "org.jboss.security.SecurityAssociation" that holds Credential and Pricipal object

But you might have some problems with SSL.

p.s. I took me 2 days to come up with thise lines (I guess I have IQ problem :-)